Vulnerability scanner for Python dependencies using the OSV API
Project description
pyau
Vulnerability scanner for Python dependencies using the OSV API.
Supports uv.lock, poetry.lock, pyproject.toml, and requirements.txt — no environment activation needed.
Install
pip install pyau
Usage
# Auto-detect lockfile in current project
pyau pyproject.toml
# Scan only direct dependencies (not transitive)
pyau pyproject.toml --direct-only
# Scan a specific lockfile
pyau uv.lock
pyau poetry.lock
# JSON output (for CI/CD integration)
pyau pyproject.toml --json
# Exit with code 1 if vulnerabilities found (CI gate)
pyau pyproject.toml --exit-code
# Include dev dependencies (Poetry only)
pyau pyproject.toml --group main --group dev
How it works
- Parses your lockfile to get exact resolved versions
- Sends a single batch request to the OSV API
- Fetches full details (severity, fix version) for each vulnerability found
- Reports findings with CVSS score, label, and recommended fix version
Development
# Install with dev dependencies
pip install -e ".[dev]"
# Run tests
pytest tests/
# Lint
ruff check src/
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pyvulscan-0.1.0.tar.gz
(132.3 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
pyvulscan-0.1.0-py3-none-any.whl
(12.6 kB
view details)
File details
Details for the file pyvulscan-0.1.0.tar.gz.
File metadata
- Download URL: pyvulscan-0.1.0.tar.gz
- Upload date:
- Size: 132.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.24 {"installer":{"name":"uv","version":"0.9.24","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
778760d95797799a27bc4c96b75b76f9079006a5f73e3991be59cc8de5651dc8
|
|
| MD5 |
979b8ad19e45789c4f21c7ff7b0a9f2d
|
|
| BLAKE2b-256 |
a51d141089c1a864018ed47655a0e4af330d2477d637fc94f9b1d9e0a4b800ad
|
File details
Details for the file pyvulscan-0.1.0-py3-none-any.whl.
File metadata
- Download URL: pyvulscan-0.1.0-py3-none-any.whl
- Upload date:
- Size: 12.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.24 {"installer":{"name":"uv","version":"0.9.24","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
968c2d5f3d48d3b43e12aab99ff1fac225cd900787630ea339cd5a1d19c040ca
|
|
| MD5 |
fbc8ddcf3b4a1f1458ba1897dfb4f8c4
|
|
| BLAKE2b-256 |
3e55b36f4d399e8126f80b04411721067232a78ca3f2de0dc8539947c5f70b19
|
